Diffstat (limited to 'qvisqve/auth_router.py')
-rw-r--r--qvisqve/auth_router.py17
1 files changed, 16 insertions, 1 deletions
diff --git a/qvisqve/auth_router.py b/qvisqve/auth_router.py
index 097b5e7..8917df5 100644
--- a/qvisqve/auth_router.py
+++ b/qvisqve/auth_router.py
@@ -85,6 +85,17 @@ class AuthRouter(qvisqve.Router):
'trace', msg_text='params', path=path, qs=qs, params=params,
cleaned=cleaned)
+ client_id = cleaned.get('client_id')
+ redirect_uri = cleaned.get('redirect_uri')
+ app = self._apps.get(client_id) # Check the app exist
+ if app is None:
+ redirect_uri = ''
+ else:
+ callbacks = self._apps.get_callbacks(client_id)
+ if redirect_uri not in callbacks:
+ redirect_uri = ''
+ cleaned['redirect_uri'] = redirect_uri
+
aa = self._attempts.create_attempt(cleaned)
form = bottle.template(login_form, attempt_id=aa.get_attempt_id())
headers = {
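Review bot: An unknown `client_id` or an unregistered `redirect_uri` is only blanked to `''` here, and the handler still calls `create_attempt` and renders the login form, so the user is asked for credentials before the request is refused in the later hunk. Rejecting at this point keeps login state and the password prompt away from unregistered clients: `if app is None or redirect_uri not in self._apps.get_callbacks(client_id): return qvisqve.bad_request_response('Bad request')` (assuming this handler may return that response, as the later one does). A log entry recording the `client_id` and the rejected URI would make callback probing visible to operators. The exact-match comparison against the registered callbacks is the right test; the inline comment should read `# Check the app exists`. The enclosing method starts and ends outside the hunk.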
@@ -129,11 +140,15 @@ class AuthRouter(qvisqve.Router):
code = gen.create_nonce()
aa.set_authorization_code(code)
+ redirect_uri = aa.get_redirect_uri()
+ if redirect_uri == '':
+ return qvisqve.bad_request_response('Bad request')
+
params = {
'code': code,
}
url = '{}?{}'.format(
- aa.get_redirect_uri(),
+ redirect_uri,
urllib.parse.urlencode(params)
)
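Review bot: The empty-URI guard sits after `code = gen.create_nonce()` and `aa.set_authorization_code(code)`, so an authorization code is generated and stored on an attempt that is then refused; it also tests only `== ''`, so a `None` from `get_redirect_uri()` would be formatted into the URL as the text `None`. Move the three added lines above the nonce creation and test `if not redirect_uri:` instead. Whether the refused attempt is discarded afterwards is not visible in this hunk and should be confirmed. The enclosing method starts and ends outside the hunk.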